Whether you are just getting started or planning more advanced PAM strategies to accelerate digital transformation, we believe Gartner’s new report, “Best Practices for Privileged Access Management Through the Four Pillars of PAM,”1 can serve as a valuable guide. In the report, Gartner outlines key challenges and makes recommendations that security and risk management leaders responsible for identity and access management should consider, including:

Track and secure every privileged account. Gartner states that “The discovery of privileged accounts is fundamentally important, because the existence of any unaccounted privileged access, for even a short time, carries significant risk.” Gartner further notes that “Privileged accounts used by people to log in interactively to software and devices for privileged task execution include: personal, privileged accounts, shared, privileged accounts, built-in, administrative accounts, such as local administrator and root, and privileged account used by software include: application-to-application credentials, service accounts, and credentials that can be embedded in code and stored procedures.”

Govern and control access. According to Gartner, “privileged access governance, understanding and implementing appropriate PAM access, requires two things: effective identity life cycle processes to ensure that all changes in accounts with privileged access are accounted for and proper tracking, accounting for every privileged account and what that account can access.” After mastering these, organizations can evaluate and install PAM tools to implement controls, such as granting Just in Time access across a set of privileged accounts as part of a phased approach.

Record and audit privileged activity. Gartner encourages organizations to use the following recommendation to define and implement your approach to recording, auditing, and alerting: “Notable PAM activity that should generate alerts includes failed login attempts for privileged accounts; privileged access that bypasses PAM tools; and unusual access activities, such as abnormal times or places.”

Operationalize privileged tasks. Organizations that have already invested in PAM should look for opportunities to extend the value of their tools to accelerate digital transformation initiatives – from DevOps to robotic process automation. Gartner recommends “good targets for automation are predictable and repeatable tasks, such as simple configuration changes, software installations, service restarts, log management, startup and shutdown.”

Top 10 Security Projects for Security and Risk Management Organizations

According to Gartner, “by 2022, 90 percent of organizations will recognize that mitigation of PAM risk is a fundamental security control, which is an increase from 70 percent today.”* Is PAM a top security priority for your organization?